Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 400 and 401] [Versions 401 and 402] [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Handles LTI 1.3 resource link launches.
  19   *
  20   * See enrol/lti/launch_deeplink.php for deep linking launches.
  21   *
  22   * There are 2 pathways through this page:
  23   * 1. When first making a resource linking launch from the platform. The launch data is cached at this point, pending user
  24   * authentication, and the page is set such that the post-authentication redirect will return here.
  25   * 2. The post-authentication redirect. The launch data is fetched from the session launch cache, and the resource is displayed.
  26   *
  27   * @package    enrol_lti
  28   * @copyright  2021 Jake Dallimore <jrhdallimore@gmail.com>
  29   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  30   */
  31  
  32  use enrol_lti\local\ltiadvantage\lib\http_client;
  33  use enrol_lti\local\ltiadvantage\lib\issuer_database;
  34  use enrol_lti\local\ltiadvantage\lib\launch_cache_session;
  35  use enrol_lti\local\ltiadvantage\repository\application_registration_repository;
  36  use enrol_lti\local\ltiadvantage\repository\context_repository;
  37  use enrol_lti\local\ltiadvantage\repository\deployment_repository;
  38  use enrol_lti\local\ltiadvantage\repository\legacy_consumer_repository;
  39  use enrol_lti\local\ltiadvantage\repository\resource_link_repository;
  40  use enrol_lti\local\ltiadvantage\repository\user_repository;
  41  use enrol_lti\local\ltiadvantage\service\tool_launch_service;
  42  use enrol_lti\local\ltiadvantage\utility\message_helper;
  43  use Packback\Lti1p3\ImsStorage\ImsCookie;
  44  use Packback\Lti1p3\LtiMessageLaunch;
  45  use Packback\Lti1p3\LtiServiceConnector;
  46  
  47  require_once(__DIR__ . '/../../config.php');
  48  global $CFG;
  49  require_once($CFG->libdir . '/filelib.php');
  50  
  51  $idtoken = optional_param('id_token', null, PARAM_RAW);
  52  $launchid = optional_param('launchid', null, PARAM_RAW);
  53  
  54  if (!is_enabled_auth('lti')) {
  55      throw new moodle_exception('pluginnotenabled', 'auth', '', get_string('pluginname', 'auth_lti'));
  56  }
  57  if (!enrol_is_enabled('lti')) {
  58      throw new moodle_exception('enrolisdisabled', 'enrol_lti');
  59  }
  60  if (empty($idtoken) && empty($launchid)) {
  61      throw new coding_exception('Error: launch requires id_token');
  62  }
  63  
  64  // Support caching the launch and retrieving it after the account binding process described in auth::complete_login().
  65  $sesscache = new launch_cache_session();
  66  $issdb = new issuer_database(new application_registration_repository(), new deployment_repository());
  67  $cookie = new ImsCookie();
  68  $serviceconnector = new LtiServiceConnector($sesscache, new http_client(new curl()));
  69  if ($idtoken) {
  70      $messagelaunch = LtiMessageLaunch::new($issdb, $sesscache, $cookie, $serviceconnector)
  71          ->validate();
  72  }
  73  if ($launchid) {
  74      $messagelaunch = LtiMessageLaunch::fromCache($launchid, $issdb, $sesscache, $serviceconnector);
  75  }
  76  if (empty($messagelaunch)) {
  77      throw new moodle_exception('Bad launch. Message launch data could not be found');
  78  }
  79  
  80  // Authenticate the platform user, which could be an instructor, an admin or a learner.
  81  // Auth code needs to be told about consumer secrets for the purposes of migration, since these reside in enrol_lti.
  82  $launchdata = $messagelaunch->getLaunchData();
  83  if (!empty($launchdata['https://purl.imsglobal.org/spec/lti/claim/lti1p1']['oauth_consumer_key'])) {
  84      $legacyconsumerrepo = new legacy_consumer_repository();
  85      $legacyconsumersecrets = $legacyconsumerrepo->get_consumer_secrets(
  86          $launchdata['https://purl.imsglobal.org/spec/lti/claim/lti1p1']['oauth_consumer_key']
  87      );
  88  }
  89  
  90  // To authenticate, we need the resource's account provisioning mode for the given LTI role.
  91  if (empty($launchdata['https://purl.imsglobal.org/spec/lti/claim/custom']['id'])) {
  92      throw new \moodle_exception('ltiadvlauncherror:missingid', 'enrol_lti');
  93  }
  94  $resourceuuid = $launchdata['https://purl.imsglobal.org/spec/lti/claim/custom']['id'];
  95  $resource = array_values(\enrol_lti\helper::get_lti_tools(['uuid' => $resourceuuid]));
  96  $resource = $resource[0] ?? null;
  97  if (empty($resource) || $resource->status != ENROL_INSTANCE_ENABLED) {
  98      throw new \moodle_exception('ltiadvlauncherror:invalidid', 'enrol_lti', '', $resourceuuid);
  99  }
 100  
 101  $provisioningmode = message_helper::is_instructor_launch($launchdata) ? $resource->provisioningmodeinstructor
 102      : $resource->provisioningmodelearner;
 103  $auth = get_auth_plugin('lti');
 104  $auth->complete_login(
 105      $messagelaunch->getLaunchData(),
 106      new moodle_url('/enrol/lti/launch.php', ['launchid' => $messagelaunch->getLaunchId()]),
 107      $provisioningmode,
 108      $legacyconsumersecrets ?? []
 109  );
 110  
 111  global $USER, $CFG, $PAGE;
 112  // Page URL must be set before the require_login check, so that things like policies can redirect back with the launchid.
 113  $PAGE->set_url(new moodle_url('/enrol/lti/launch.php'), ['launchid' => $messagelaunch->getLaunchId()]);
 114  
 115  require_login(null, false);
 116  $PAGE->set_context(context_system::instance());
 117  $PAGE->set_pagelayout('popup'); // Same layout as the tool.php page in Legacy 1.1/2.0 launches.
 118  $PAGE->set_title(get_string('opentool', 'enrol_lti'));
 119  
 120  $toollaunchservice = new tool_launch_service(
 121      new deployment_repository(),
 122      new application_registration_repository(),
 123      new resource_link_repository(),
 124      new user_repository(),
 125      new context_repository()
 126  );
 127  [$userid, $resource] = $toollaunchservice->user_launches_tool($USER, $messagelaunch);
 128  
 129  $context = context::instance_by_id($resource->contextid);
 130  if ($context->contextlevel == CONTEXT_COURSE) {
 131      $courseid = $context->instanceid;
 132      $redirecturl = new moodle_url('/course/view.php', ['id' => $courseid]);
 133  } else if ($context->contextlevel == CONTEXT_MODULE) {
 134      $cm = get_coursemodule_from_id(false, $context->instanceid, 0, false, MUST_EXIST);
 135      $redirecturl = new moodle_url('/mod/' . $cm->modname . '/view.php', ['id' => $cm->id]);
 136  } else {
 137      throw new moodle_exception('invalidcontext');
 138  }
 139  
 140  if (empty($CFG->allowframembedding)) {
 141      $stropentool = get_string('opentool', 'enrol_lti');
 142      echo html_writer::tag('p', get_string('frameembeddingnotenabled', 'enrol_lti'));
 143      echo html_writer::link($redirecturl, $stropentool, ['target' => '_blank']);
 144  } else {
 145      redirect($redirecturl);
 146  }